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Current Internet usage for commercial applications is increasing exponentially. 
Electronic commerce trends are demanding greater security for network-enabled 
collaboration as well as business transactions that use Virtual Private Networks (public 
networks supporting communication between private hosts). Security measures are also 
necessary to enable applications for network rating standards, law enforcement, air traffic 
control, and wireless communications. Thus, the growth of commercial electronic 
communication demands a growth in security provision. Augmenting traditional data 
transport with security measures performed at end hosts can potentially degrade the 
performance of networked applications, creating an inherent security vs. performance 
tradeoff. 

This thesis addresses this tradeoff by adapting to current system loads and security 
requirements to provide adaptive security through dynamic resource allocation. This 
work targets multi-stream, networked collaborative applications running on 
heterogeneous, unstructured distributed computing platforms that resemble subsections of 
the Internet. The goal is to minimize security risk by enabling CPU and network 
resources to be available and dynamically applied to security operations as needed for 
application streams to vary their security levels. 

As the demand for network-based applications grows, the instances of changes in end- 
host connection requirements increase. Systems must have the capability to dynamically 
adapt security provision to changing requirements of hosts, networks, and applications. 
To address this need, this thesis presents a framework which incorporates admission 
control and run-time adaptive methods for per-stream security resource contracts within 
which these issues are addressed. This work comprises the following contributions: 
(1) formulation of new metrics to quantify performance and security; (2) formulation of 
rational mapping of user-requested security level to CPU resources; (3) formulation of 
heuristics for dynamically altering security level based on current resource allocation 



(patent pending); (4) formulation of the concept of risk as it applies to adaptive security; 
(5) formulation of joint optimization of computation resources for overall risk 
minimization; and (6) application of the mapping of security level to CPU and network 
resources to enable: (a) global tracking of resource availabilities of all registered end- 
hosts, (b) criticality-based risk management, and (c) on-line global optimization to 
minimize “exposure” for a system of multiple application connections 
between multiple hosts. 
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The Internet has become the medium of choice for communications between most 
Government and Military organizations. Unfortunately the key Internet protocols were 
not designed to provide security and their security vulnerabilities have become apparent. 
IPsec was developed to provide users with a range of security services, for both 
confidentiality and integrity, enabling them to securely pass information across networks. 
Automated security mechanisms are typically designed and/or calibrated to meet an 
organization's security policy. However, once the mechanism in operation the 
implemented policy is in a static state, and cannot be adjusted according to dynamic 
environmental conditions. This means that security mechanisms fail to reflect the policy 
that is appropriate for the changing contexts. Dynamic parameterization enables 
security mechanisms to adjust the level of security service 'on-the-fly' to respond to 
changing conditions (i.e., INFOCON, THREATCON). This work includes the extension 
of the attributes encoded by the KeyNote Trust Management System and modification of 
the IPsec mechanism to incorporate dynamic parameters into the security service 
selection mechanism, and the construction of a graphical user interface, for 
demonstrating 'proof-of-concept' of Dynamic Parameterization of OpenBSD 2.8 IPsec. 
Descriptors: * Information security; Policies; Automation; Management planning and 
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Text: 

...office wirelessly connected to a LAN behind 
the corporate firewall. 

Rappore Shield vl.l automatically changes security 
settings for wireless 

access when laptop users move from work to home or from home 
to an 

"on-the-road" location. At the... 



Dialog eLink: Order File HI stop. 

18/9/8 (Item 5 from file: 350) 

DIALOG(R)File 350: Derwent WPIX 

(c) 2009 Thomson Reuters. All rights reserved. 



0013332934 Drawing available 
WPI Acc no: 2003-420365/200339 
XRPX Acc No: N2003-335741 

Security management apparatus for portable personal computer, includes control 
unit for changing security level based on position of portable personal computer 
which is detected by position detector 

Patent Assignee: FUJITSU LTD (FUIT); KIHARA M (KIHA-I); MIZUTANI K (MIZU- 
I); ONO S (ONOS-I); OURA S (OURA-I); SAITO M (SAIT-I) 
Inventor: KIHARA M; MIZUTANI K; MIZUTANI Y; ONO J; ONO S; OURA S; 
SAITO M 



Patent Family ( 2 patents, 2 countries ) 


j Patent Number 


Kind Date 


Application 
Number 


Kind 


Date 


Update Type 


US 20030061 166 


\l 20030327 


US 200257865 


A 


20020129 


200339 IB 


.11' 2003099400 


A 120030404 


JP 2001293132 


A 


20010926 200^39 E 



Patent Details 


1 Patent Number iKind jLan jPgs 


Draw jFiling Notes 


US 20030061 166 A 1 jEN |14 


10 


JP 2003099400 A jJA ill 





Alerting Abstract US Al 

NOVELTY - The security management apparatus includes an input/output control unit 
for changing security level of a portable personal computer (PC) into one of the security 
levels which are stored in a security information table. The security level of the portable 
personal computer is changed based on the position of the portable PC which is detected 
by a position detector. 

DESCRIPTION - INDEPENDENT CLAIMS are also included for the following: 



1 . security management method; 

2. security management program; 

3. security control program; 

4. recorded medium storing security management program; and 

5. security level editing program. 



USE - For managing security of portable personal computer. 

ADVANTAGE - Reduces user's work of rebooting the operating system (OS), hence 
saves time. Improves security function by changing user's authority to boot an OS based 
on the geographical position. 

Original Abstract: 

A security management apparatus, a security management method and a security 
management program are provided which are capable of performing access control to 
files, folders, etc., according to a current position of a prescribed device such as a 
portable terminal to be managed, In order to perform security control on a portable 
terminal, etc., security levels of the portable terminal are stored in advance in a 
predetermined table in association with the positions of the portable terminal. The current 
position of the portable terminal is detected by means of a GPS or the like, and a security 
level corresponding to the current position of the portable terminal detected is acquired 
from the predetermined table, so that booting of programs and/or access control to files, 
folders, etc., in the portable terminal are carried out based on the security level thus 
acquired. 

Claim: 

What is claimed is: 

1. 1. A security management apparatus for managing the security of a prescribed 
device, said apparatus comprising: a position detecting section detecting a 
position of said prescribed device; and a control unit changing a security level of 
said prescribed device according to the position of said prescribed device detected 
by said position detecting section. 



